U.S. DOJ extradites LockBit developer from Israel
LockBit founder still wanted
The U.S. Department of Justice (DOJ) announced the extradition of developer Rostislav Panev to the United States. Authorities claim the 51-year-old Russian-Israeli citizen, arrested in Israel in December 2024, admitted to creating code and providing consulting services for the LockBit ransomware group, which paid him in cryptocurrency.
According to case materials, Panev was a LockBit developer from its inception in 2019 until approximately February 2024. During this period, LockBit gained a reputation as the most active and destructive ransomware group.
LockBit targeted at least 2,500 victims in 120 countries, including individuals, businesses, multinational corporations, hospitals, governments, and even law enforcement agencies.
As of 2022, LockBit was considered the most widespread ransomware globally. By early 2023, it accounted for 44% of all ransomware incidents. In the U.S. alone, LockBit was used in approximately 1,700 attacks from January 2020 to May 2023, generating $91 million in ransom payments.
Court filings also mention that LockBit has around 1,800 victims in the U.S. and that its members are believed to have laundered $500 million obtained from their targets.
U.S. authorities vow to arrest all LockBit members
In interviews following his arrest in Israel, Panev told authorities that he performed various tasks for LockBit, including coding, software development, and consulting. One of his key projects involved creating code to disable antivirus software and infect network-connected computers.
Panev's arrest followed a February 2024 operation by UK authorities that disrupted LockBit’s ransomware program. The joint operation was conducted by the DOJ, FBI, and other international law enforcement agencies. Along with Panev, charges were filed against seven other LockBit members.
The identity of LockBit's main creator, Dmitry Khoroshev, was revealed in May 2023. According to the indictment, he began developing LockBit in September 2019 and remained its administrator until 2024. His current whereabouts are unknown, and the DOJ has offered a $10 million reward for information leading to his capture.
As we wrote, the Lazarus Group has infected hundreds of software developers, deploying malware via npm packages to steal credentials, extract crypto wallet data, and install a persistent backdoor.
